Add all ServerAltNames from server cert to fiddler generated cert ??


fahad

Jul 1, 2018, 1:07:56 PM
to Fiddler
Hello,

My issue is pretty much similar to the one described in these threads:

I tried the following two solutions as suggested :

#1 >> Setting the preference fiddler.network.https.SetCNFromSNI to true.
But it's not foolproof, as some clients/apps don't send SNI.

#2 >> adding this inside OnBeforeRequest function:

   if (oSession.HTTPMethodIs("CONNECT")) {
     oSession["X-UseCertCNFromServer"] = "AndroidTesting";
     oSession["X-IgnoreCertCNMismatch"] = "ImplicitlyTrustingServerCN";
   }

But it also has some limitations. The only time it works is when the server sends a certificate that has the subject CN same as requested domain/hostname. But if requested hostname is in the ServerAltName (in server cert), then the fiddler generated cert doesn't work.

So I was wondering, is it not possible to add all SANs to the fiddler generated cert? IMO, it should be the preferred behavior, as fiddler is getting the original certificate from the server first, so it should have all the cert info available beforehand, right??

Thanks!

EricLaw

Jul 9, 2018, 3:47:18 PM
to Fiddler
Conceivably, yes, Fiddler could do what you're asking.

The right fix here is for oSession["X-UseCertCNFromServer"] to copy over both the CN and all SANs for the certificate it generates.

Please file a bug at https://fiddler.ideas.aha.io and I will vote it up.
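
As an added illustration (not part of the thread and not Fiddler's code), this sketch models why a generated certificate carrying only the server's subject CN fails for hostnames that appear only as SANs, and how copying the SANs changes the outcome. The certificate objects, function names and `example.test` hostnames are constructed for the example, and the client is assumed to prefer SAN entries and fall back to the CN only when none exist.

```javascript
// Added illustration: models client-side hostname checks against a proxy-generated leaf.
// Certificates are plain objects with constructed sample values, not parsed X.509.

// Match one certificate name against a hostname.
// "*" is honoured only as the entire leftmost label and never directly under a TLD.
function nameMatches(pattern, host) {
  const p = pattern.toLowerCase().split(".");
  const h = host.toLowerCase().split(".");
  if (p.length !== h.length) return false;
  return p.every((label, i) => label === h[i] || (i === 0 && label === "*" && p.length > 2));
}

// Assumed client check: if SAN entries exist only they count, otherwise fall back to the CN.
function clientAccepts(cert, host) {
  const names = cert.sans.length > 0 ? cert.sans : [cert.cn];
  return names.some((n) => nameMatches(n, host));
}

// Behaviour described in the thread: the generated leaf takes only the server's subject CN.
function leafFromServerCN(serverCert) {
  return { cn: serverCert.cn, sans: [] };
}

// Behaviour requested in the thread: carry over the CN and every SAN.
function leafFromServerCNAndSANs(serverCert) {
  return { cn: serverCert.cn, sans: serverCert.sans.slice() };
}

// Constructed upstream certificate: the CN names one host, the others appear only as SANs.
const serverCert = {
  cn: "www.example.test",
  sans: ["www.example.test", "api.example.test", "*.cdn.example.test"],
};

// For each requested host, compare the two generation strategies.
function compare(hosts) {
  return hosts.map((host) => ({
    host,
    cnOnly: clientAccepts(leafFromServerCN(serverCert), host),
    cnAndSans: clientAccepts(leafFromServerCNAndSANs(serverCert), host),
  }));
}

console.table(compare(["www.example.test", "api.example.test", "img.cdn.example.test", "other.test"]));
```

Only the first host passes with the CN-only leaf; the two SAN-only hosts pass once the SANs are copied, and the unrelated host is rejected either way.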

fahad

Jul 10, 2018, 7:19:17 AM
to Fiddler
Thanks! 
Filed a bug. Please fix it soon :)

fahad

Jul 10, 2018, 12:53:01 PM
to Fiddler
BTW, is there any quick fix through fiddler-script or something? I need it quite urgently.
Thanks!

EricLaw

Jul 12, 2018, 11:38:45 AM
to Fiddler
It wouldn't be trivial to do this in script, but it could be possible with a bunch of work.

Can you elaborate more on your scenario? Why do you need this at all? Do you need it for more than 1 (or a small number of) server? 
